py-pillow_heif: update to 1.4.0.
## [1.4.0 - 2026-06-10]
### Changed
- `libheif` was updated from the `1.21.2` to `1.23.0` version. #426
- `libde265` was updated from the `1.0.16` to `1.1.0` version. #426
- `libx265` was updated from the `4.1` to `4.2` version. #426
- Minimum required `libheif` version is `1.19.0`. #416
### Removed
- `options.ALLOW_INCORRECT_HEADERS` option. Starting with `libheif` `1.22.0`, libheif itself rejects images whose decoded size does not match the `ispe` header. #426
### Fixed
- `sRGB` NCLX color profile (`BT.709` primaries) is now written by default during encoding when no color information was provided, to avoid color shifts in viewers. #407
moor: update to 2.15.1.
2.15.1
This release fixes a bug where providing an initial search query on the
command line would both search and scroll to the end of the document.
With this release, we just show the first hit. Which is what we always
should have done.
2.15.0
Accept +/pattern command line argument
This will make moor behave as if you started moor, typed / to start
searching, typed pattern as the search pattern and then pressed Enter.
For great less compatibility.
digikam: update to 9.1.0.
digiKam 9.1.0 - Release date: 2026-06-07
NEW FEATURES:
Import : USB Mass Storage driver now support video thumbnails.
Advanced Search : Add "Clear All Groups" button in the SearchView interface.
Preview : Add support for Pixel motion photos, which are short videos embedded in pictures taken on Google Pixel phones.
Better support of the audio output selection provided by the video media player.
Database : Schema updated to support time-Zone with registered item time-stamps.
And lots of bugfixes.
kid3: update to 3.10.0.
Sat Jun 6 14:28:35 CEST 2026 Urs Fleisch <ufleisch at users.sourceforge.net>
* Release 3.10.0
* New:
+ Support for Matroska and WebM files.
+ MP4: Support both QuickTime and Nero Chapters, also with TagLib.
+ MP4: Support STEM.
+ WAV, FLAC: Support iXML and BEXT chunks.
+ Android: Select all/deselect all frames.
+ Android: Import/Export of chapters and synchronized lyrics as LRC files.
* Improved:
+ Improved save performance.
+ macOS: Consistent icon set with dark mode.
+ Export CSV, JSON: Only export selected folders.
[31 lines not shown]
py-zensical: update to 0.0.45.
This version reverts a behavior change in link validation that was
introduced in 0.0.44 which is causing false positives.
neomutt: update to 20260616.
2026-06-16 Richard Russon \<rich at flatcap.org\>
* Security
- #4900 bcache: sanitize mailbox names that escape the cache dir
- #4901 auth_gss: fix out-of-bounds read of GSS security token
* Bug Fixes
- #4866 Fix broken message-hook in the pager
- #4869 Fix duplicate "no mail" message
- #4874 Restore the `-C` command-line flag
- #4882 Refresh notmuch tag completion cache, and fix a tag completion crash
- #4893 Fix index-format-hook parsing
- #4897 Allow `<entire-thread>` from any mailbox type, and fix a related crash
- email: fix header rewind after mbox separator
- imap: retry login after a failure
- maildir/notmuch: fix memory leak
- config: fix inherited has_been_set
- main: fix inverted condition in init_nntp
* Code
- test: fix conddate after 2038
khard: update to 0.21.0.
v0.21.0 2026-06-15
- Remove support for python 3.9
- Fix bug skipping config's skip_unparsable setting (#355)
- Fix special handling for ambiguous date formats (#349)
- Add failing test for partial date with leap day
- Remove the autodoc typehints extension in sphinx
qbittorrent: update to 5.2.2.
Mon Jun 15th 2026 - sledgehammer999 <sledgehammer999 at qbittorrent.org> - v5.2.2
- FEATURE: Use D-Bus to show file in file managers (Chocobo1) #24340
- BUGFIX: Fix friendlyUnitCompact precision calculation (vafada) #24323
- BUGFIX: Remove all top-level folders (glassez) #24333
- BUGFIX: Use proper API for checking exit status (Chocobo1) #24349
- BUGFIX: Delete stale lockfile when hostname mismatch (TurboTheTurtle, glassez) #24363
- BUGFIX: Fix wrong removal procedure of watched folder paths (Chocobo1) #24413
- BUGFIX: Don't reannounce before interface changes are applied (glassez) #24447
- BUGFIX: Use Latin script for Bosnian locale name (Andy Ye) #24342
- WEBUI: Fix performance of global checkbox toggling (tehcneko) #24316
- WEBUI: Fix Safari transfer list header misalignment (Piccirello) #24377
- WEBUI: Fix error when submitting magnet before metadata loads (Piccirello) #24378
- WEBUI: Use correct row id when updating Rss Downloader feed selection (Chocobo1) #24402
- WEBUI: Use SameSite=Lax for session cookie to fix cross-site login (Piccirello) #24422
- WEBUI: Bring back properties panel expand/collapse button (vafada) #24430
- WEBAPI: Only use X-Forwarded-Host header when reverse proxy support is enabled (Chocobo1) #24457
- RSSS: Fix "RSS Smart Episode Filter" RegEx (nathanon-akk, glassez) #24398
[3 lines not shown]
nginx: Update to 1.30.3
Changes with nginx 1.30.3 17 Jun 2026
*) Security: a heap memory buffer overflow might occur in a worker
process when using a configuration with "ignore_invalid_headers off;"
and "large_client_header_buffers" with large configured values when
proxying a specially crafted request to HTTP/2 or gRPC backend,
allowing an attacker to cause worker process memory corruption or
segmentation fault in a worker process (CVE-2026-42055).
Thanks to Mufeed VH of Winfunc Research.
*) Security: a heap memory buffer overread might occur in a worker
process while handling a specially sent response with decoding from
UTF-8 via the "charset_map" directive, allowing an attacker to cause
a limited disclosure of worker proccess memory or segmentation fault
in a worker process (CVE-2026-48142).
Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE.